<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第179期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第179期）</strong></h5>
<blockquote> 2017/07/31-2017/08/06</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>宝马，福特等多款品牌车辆TCUs存漏洞，可导致远程执行任意代码<br><a target="_blank" href="http://www.4hou.com/info/news/6965.html">http://www.4hou.com/info/news/6965.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>丝绸之路3.1“被黑”，老板宣称破产<br><a target="_blank" href="http://www.4hou.com/info/news/6982.html">http://www.4hou.com/info/news/6982.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>HBO电视网被黑：《权力游戏 7》视频泄露<br><a target="_blank" href="http://www.4hou.com/info/6926.html">http://www.4hou.com/info/6926.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>NSA Collects MS Windows Error Information<br><a target="_blank" href="https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html">https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>安识科技殷晓明：道阻且长，欣然前往 <br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652881112&amp;idx=1&amp;sn=aaef80f416a2b9d773e92cda3f314544&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652881112&amp;idx=1&amp;sn=aaef80f416a2b9d773e92cda3f314544&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>WikiLeaks 公开 Macron 竞选团队的电子邮件<br><a target="_blank" href="http://www.solidot.org/story?sid=53297">http://www.solidot.org/story?sid=53297</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>社工盒子 最全面的社会工程学工具<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25409-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25409-1-1.html?from=sec</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>社工库杂谈<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-20469-1-1.html?from=sec">http://bbs.ichunqiu.com/thread-20469-1-1.html?from=sec</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>安全顶会之CCS 2017 录用论文列表<br><a target="_blank" href="https://acmccs.github.io/papers/">https://acmccs.github.io/papers/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>DotNetNuke任意代码执行漏洞(CVE–2017–9822)分析预警<br><a target="_blank" href="https://cert.360.cn/warning/detail?id=e689288863456481733e01b093c986b6">https://cert.360.cn/warning/detail?id=e689288863456481733e01b093c986b6</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>[渗透神器系列] Metasploit<br><a target="_blank" href="https://thief.one/2017/08/01/1/">https://thief.one/2017/08/01/1/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>YaraGuardian: Django web interface for managing Yara rules<br><a target="_blank" href="https://github.com/PUNCH-Cyber/YaraGuardian">https://github.com/PUNCH-Cyber/YaraGuardian</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>A Look at JS_POWMET, a Completely Fileless Malware<br><a target="_blank" href="http://blog.trendmicro.com/trendlabs-security-intelligence/look-js_powmet-completely-fileless-malware/">http://blog.trendmicro.com/trendlabs-security-intelligence/look-js_powmet-completely-fileless-malware/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>us-17-Yuwei-Ghost-Telephonist-Link-Hijack-Exploitations-In-4G-LTE-CS-Fallback<br><a target="_blank" href="https://www.blackhat.com/docs/us-17/thursday/us-17-Yuwei-Ghost-Telephonist-Link-Hijack-Exploitations-In-4G-LTE-CS-Fallback.pdf">https://www.blackhat.com/docs/us-17/thursday/us-17-Yuwei-Ghost-Telephonist-Link-Hijack-Exploitations-In-4G-LTE-CS-Fallback.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>渗透测试中的certutil<br><a target="_blank" href="https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E4%B8%AD%E7%9A%84certutil.exe/">https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E4%B8%AD%E7%9A%84certutil.exe/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>漏洞应急响应之批量poc验证<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-21441-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-21441-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>HTTP 中的隐藏攻击面<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/28306016?group_id=876856830662438912">https://zhuanlan.zhihu.com/p/28306016?group_id=876856830662438912</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>复现Struts2-048高危漏洞<br><a target="_blank" href="http://www.toutiao.com/i6447260880299098638/">http://www.toutiao.com/i6447260880299098638/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SiteScan: 网站基本信息自动扫描系统<br><a target="_blank" href="https://github.com/jasonsheh/SiteScan">https://github.com/jasonsheh/SiteScan</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>如何使用深度学习检测XSS<br><a target="_blank" href="http://www.freebuf.com/news/142069.html">http://www.freebuf.com/news/142069.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Github信息泄露升级版案例<br><a target="_blank" href="http://www.ms509.com/?p=718">http://www.ms509.com/?p=718</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>渗透测试方法论之文件上传<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-23193-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-23193-1-1.html?from=sec</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>使用Neo4j可视化Windows日志<br><a target="_blank" href="http://www.4hou.com/technology/6875.html">http://www.4hou.com/technology/6875.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>详细的漏洞复现-vsftpd-v2.3.4<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25066-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25066-1-1.html?from=sec</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Windows Lnk远程代码执行漏洞(CVE-2017-8464)利用测试<br><a target="_blank" href="http://www.4hou.com/system/6938.html">http://www.4hou.com/system/6938.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Koadic C3 COM Command &amp; Control - JScript RAT<br><a target="_blank" href="https://github.com/zerosum0x0/koadic">https://github.com/zerosum0x0/koadic</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>暗网收集公开情报资源(上):利用OnionScan搭建属于自己的暗网搜索引擎<br><a target="_blank" href="http://bobao.360.cn/learning/detail/2952.html">http://bobao.360.cn/learning/detail/2952.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>如何使用OnionScan定制暗网爬虫<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3166.html">http://bobao.360.cn/learning/detail/3166.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>攻破黑市最流行的钓鱼网站<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-24972-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-24972-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>3亿6千万被黑密码免费下载及使用介绍<br><a target="_blank" href="https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/">https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>暗网系列之：利用Python + OnionScan 打造自己的安全威胁情报平台（一）<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIxMzQ3MzkwMQ==&amp;mid=2247489932&amp;idx=1&amp;sn=860bfed6583f1e2b2bf4f05bee42198c&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzIxMzQ3MzkwMQ==&amp;mid=2247489932&amp;idx=1&amp;sn=860bfed6583f1e2b2bf4f05bee42198c&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>当我们谈论“安全意识”时，我们在谈论什么？<br><a target="_blank" href="https://sosly.me/index.php/2017/07/30/anquanyishi/">https://sosly.me/index.php/2017/07/30/anquanyishi/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>一篇关于xss的科普文<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484584&amp;idx=1&amp;sn=ed1d8351354bc6e0f5ebf8272e57510d&amp;chksm=ec1e3480db69bd96ee6f609ad17cdeb5234f1c3e57ae17c765cf24c7edff39e3e82b9d0897ed#rd">https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484584&amp;idx=1&amp;sn=ed1d8351354bc6e0f5ebf8272e57510d&amp;chksm=ec1e3480db69bd96ee6f609ad17cdeb5234f1c3e57ae17c765cf24c7edff39e3e82b9d0897ed#rd</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Web端口复用正向后门研究实现与防御<br><a target="_blank" href="http://www.freebuf.com/articles/web/142628.html">http://www.freebuf.com/articles/web/142628.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Brida:将frida与burp结合进行移动app渗透测试<br><a target="_blank" href="http://www.4hou.com/penetration/6916.html">http://www.4hou.com/penetration/6916.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>白帽子的反击，一次社工智障锁机病毒er<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25199-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25199-1-1.html?from=sec</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>攻击者侵入系统后如何提升账户权限：提权技术详细分析<br><a target="_blank" href="https://mp.weixin.qq.com/s/4U4w2NZQUDnwcJ1On5kE9A">https://mp.weixin.qq.com/s/4U4w2NZQUDnwcJ1On5kE9A</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>暗网收集公开情报资源(下):Python＋Shodan＋SSH密钥<br><a target="_blank" href="http://bobao.360.cn/learning/detail/2955.html">http://bobao.360.cn/learning/detail/2955.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>中国上市网络安全公司分析报告2017Q2<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI0MDY2MzE5NQ==&amp;mid=2247484306&amp;idx=1&amp;sn=58e9aefed8e76007216acada81c02bc7&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI0MDY2MzE5NQ==&amp;mid=2247484306&amp;idx=1&amp;sn=58e9aefed8e76007216acada81c02bc7&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>linux安全加固<br><a target="_blank" href="http://mp.weixin.qq.com/s/0nxiZw1NUoQTjxcd3zl6Zg">http://mp.weixin.qq.com/s/0nxiZw1NUoQTjxcd3zl6Zg</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Fuzzing SQL,XSS and Command Injection using Burp Suite<br><a target="_blank" href="http://www.hackingarticles.in/fuzzing-sqlxss-command-injection-using-burp-suite/">http://www.hackingarticles.in/fuzzing-sqlxss-command-injection-using-burp-suite/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>ISF(Industrial Exploitation Framework) 基于Python的工控漏洞利用框架<br><a target="_blank" href="https://github.com/dark-lbp/isf">https://github.com/dark-lbp/isf</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>教你通过Node.js漏洞完成渗透测试<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-24807-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-24807-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Linux 端口转发特征总结<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA3Mzk1MDk1NA==&amp;mid=2651903919&amp;idx=1&amp;sn=686cc53137aa9e8ec323dda1e54a2c23&amp;chksm=84e3442ab394cd3ccafd8006cbabdc3c0bf305a6543e0b55ea4aaa51c8768dc8eb5cfee2a0d4&amp;scene=0#rd">https://mp.weixin.qq.com/s?__biz=MzA3Mzk1MDk1NA==&amp;mid=2651903919&amp;idx=1&amp;sn=686cc53137aa9e8ec323dda1e54a2c23&amp;chksm=84e3442ab394cd3ccafd8006cbabdc3c0bf305a6543e0b55ea4aaa51c8768dc8eb5cfee2a0d4&amp;scene=0#rd</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>绕过WAF注入<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25397-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25397-1-1.html?from=sec</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Pingback漏洞利用技术<br><a target="_blank" href="http://blog.csdn.net/u011721501/article/details/76581012">http://blog.csdn.net/u011721501/article/details/76581012</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>DNS域名解析解剖<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/28305778">https://zhuanlan.zhihu.com/p/28305778</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>DEFCON 25 CTF參賽記 <br><a target="_blank" href="http://maskray.me/blog/2017-08-01-defcon-25-ctf">http://maskray.me/blog/2017-08-01-defcon-25-ctf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Linux各类后门整理<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25119-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25119-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>日志追凶之从看日志了解黑客攻击手法<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25379-1-1.html">https://bbs.ichunqiu.com/thread-25379-1-1.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>一文读懂TensorFlow基础<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI1MjQ2OTQ3Ng==&amp;mid=2247485432&amp;idx=1&amp;sn=058f5d3cb2f2ac6fdeb759aac1c77601&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI1MjQ2OTQ3Ng==&amp;mid=2247485432&amp;idx=1&amp;sn=058f5d3cb2f2ac6fdeb759aac1c77601&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>[原创] 我在全球最大的同性社交平台那点事 <br><a target="_blank" href="https://bbs.ichunqiu.com/thread-24971-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-24971-1-1.html?from=sec</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Mandiant and Adi Peretz Leaks（含文件下载）[翻墙]<br><a target="_blank" href="https://pastebin.com/raw/6HugrWH4">https://pastebin.com/raw/6HugrWH4</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>安卓漏洞学习一<br><a target="_blank" href="http://mp.weixin.qq.com/s/aM3rIkwxE2LuE_1jSdWFkA">http://mp.weixin.qq.com/s/aM3rIkwxE2LuE_1jSdWFkA</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>us-17-Borgaonkar-New-Adventures-In-Spying-3G-And-4G-Users-Locate-Track-And-Monit<br><a target="_blank" href="https://www.blackhat.com/docs/us-17/wednesday/us-17-Borgaonkar-New-Adventures-In-Spying-3G-And-4G-Users-Locate-Track-And-Monitor.pdf">https://www.blackhat.com/docs/us-17/wednesday/us-17-Borgaonkar-New-Adventures-In-Spying-3G-And-4G-Users-Locate-Track-And-Monitor.pdf</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第178期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/178">https://www.sec-wiki.com/weekly/178</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span> 抱歉，马斯克，你的特斯拉归我了<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25280-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25280-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>从看日志了解黑客攻击手法<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25379-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25379-1-1.html?from=sec</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Cobalt strikes back: an evolving multinational threat to finance<br><a target="_blank" href="http://blog.ptsecurity.com/2017/08/cobalt-group-2017-cobalt-strikes-back.html">http://blog.ptsecurity.com/2017/08/cobalt-group-2017-cobalt-strikes-back.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>extractTVpasswords: extract passwords from TeamViewer memory using Frida<br><a target="_blank" href="https://github.com/vah13/extractTVpasswords">https://github.com/vah13/extractTVpasswords</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>[代码审计] Java代码审计连载之—添油加醋<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25475-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25475-1-1.html?from=sec</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>一次对恶意邮件分析并拿下其赎金服务器的溯源<br><a target="_blank" href="http://www.4hou.com/info/news/6970.html">http://www.4hou.com/info/news/6970.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>gwhatweb: CMS识别 python gevent实现<br><a target="_blank" href="https://github.com/boy-hack/gwhatweb">https://github.com/boy-hack/gwhatweb</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>iOS渗透测试第一步---环境配置及简单基础<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25273-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25273-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>基于PHP的日志审计系统研究<br><a target="_blank" href="http://mp.weixin.qq.com/s/pIUICSwbgdo0JHAGgRxIAg">http://mp.weixin.qq.com/s/pIUICSwbgdo0JHAGgRxIAg</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Java代码审计连载之—SQL注入<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-22170-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-22170-1-1.html?from=sec</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Blackhat兵器谱新添IOT安全武器<br><a target="_blank" href="http://www.freebuf.com/column/142421.html">http://www.freebuf.com/column/142421.html</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>h1702ctf 2017移动安全挑战赛全程回顾<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/28201274?group_id=875742872190738432">https://zhuanlan.zhihu.com/p/28201274?group_id=875742872190738432</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>BlackHat2017热点之DefPloreX—大规模网络犯罪取证的机器学习工具<br><a target="_blank" href="http://www.4hou.com/tools/6881.html">http://www.4hou.com/tools/6881.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>educn-sqlScan: 对全国edu域名以及其二级域名进行的一次Sql注入<br><a target="_blank" href="https://github.com/fiht/educn-sqlScan">https://github.com/fiht/educn-sqlScan</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>深入理解hash长度扩展攻击（sha1为例）<br><a target="_blank" href="http://www.freebuf.com/articles/web/69264.html">http://www.freebuf.com/articles/web/69264.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Webgoat中关于注入的学习<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484607&amp;idx=1&amp;sn=c18d6ef2e5041b25271e3f10fc090ae6&amp;chksm=ec1e3497db69bd81a21ef6f2d40bbc71be9d35e74a5c4e4276f2e6fc0f0997ad955c8275d32a#rd">https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484607&amp;idx=1&amp;sn=c18d6ef2e5041b25271e3f10fc090ae6&amp;chksm=ec1e3497db69bd81a21ef6f2d40bbc71be9d35e74a5c4e4276f2e6fc0f0997ad955c8275d32a#rd</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>最全的中文版深度学习资源索引<br><a target="_blank" href="https://github.com/Sambor123/Awesome-Deep-Learning-for-Chinese">https://github.com/Sambor123/Awesome-Deep-Learning-for-Chinese</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>CVE-2015-2545 Word 利用样本分析<br><a target="_blank" href="http://paper.seebug.org/368/">http://paper.seebug.org/368/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>调戏木马病毒的正确姿势——上篇<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-16848-1-1.html?from=sec">http://bbs.ichunqiu.com/thread-16848-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span> Python系列之——利用Python实现微博监控<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25216-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25216-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>渗透过程中的 Some Tricks<br><a target="_blank" href="https://evi1cg.me/archives/Tricks.html">https://evi1cg.me/archives/Tricks.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>文件寄生——寄生虫自体繁衍的道路.<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-21322-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-21322-1-1.html?from=sec</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>WSSiP: A WebSocket Manipulation Proxy<br><a target="_blank" href="https://github.com/nccgroup/wssip">https://github.com/nccgroup/wssip</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>从无到有通过ISO27001认证-建设篇<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1922.html">https://xianzhi.aliyun.com/forum/read/1922.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>带你走进二进制-一次APT攻击分析<br><a target="_blank" href=" https://bbs.ichunqiu.com/thread-25291-1-1.html?from=sec"> https://bbs.ichunqiu.com/thread-25291-1-1.html?from=sec</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>crawler_email: crawl email of BBS 论坛邮件地址获取<br><a target="_blank" href="https://github.com/jingchengyou/crawler_email">https://github.com/jingchengyou/crawler_email</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>TrickBot comes with new tricks – attacking Outlook and browsing data<br><a target="_blank" href="https://blog.malwarebytes.com/threat-analysis/2017/08/trickbot-comes-with-new-tricks-attacking-outlook-and-browsing-data/">https://blog.malwarebytes.com/threat-analysis/2017/08/trickbot-comes-with-new-tricks-attacking-outlook-and-browsing-data/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>在不熟悉C/C++情况下，hook windows事件<br><a target="_blank" href="http://www.4hou.com/info/news/6935.html">http://www.4hou.com/info/news/6935.html</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>DEF CON CTF 2017 Final Scores and Data Dumps<br><a target="_blank" href="https://blog.legitbs.net/2017/07/def-con-ctf-2017-final-scores-and-data.html">https://blog.legitbs.net/2017/07/def-con-ctf-2017-final-scores-and-data.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>一个钓鱼木马的分析（二）<br><a target="_blank" href="http://www.freebuf.com/column/143364.html">http://www.freebuf.com/column/143364.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>QA-Snake: 基于多搜索引擎和深度学习技术的自动问答<br><a target="_blank" href="https://github.com/SnakeHacker/QA-Snake">https://github.com/SnakeHacker/QA-Snake</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>[客户端安全] 调戏木马病毒的正确姿势——下篇<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-16846-1-1.html?fron=sec">https://bbs.ichunqiu.com/thread-16846-1-1.html?fron=sec</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>工控系统常见安全问题-浅析<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&amp;mid=2651061700&amp;idx=1&amp;sn=9865283ea2f821b26315ba07ca8b137b&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&amp;mid=2651061700&amp;idx=1&amp;sn=9865283ea2f821b26315ba07ca8b137b&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>教你用python打造WiFiddos<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-18592-1-1.html?frpm=sec">http://bbs.ichunqiu.com/thread-18592-1-1.html?frpm=sec</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>IoTChecklist: Baseline IoT security checklist 物联网安全基线检查<br><a target="_blank" href="https://github.com/SecarmaLabs/IoTChecklist">https://github.com/SecarmaLabs/IoTChecklist</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>WSSAT - Web Service Security Assessment Tool<br><a target="_blank" href="http://www.kitploit.com/2017/07/wssat-web-service-security-assessment.html?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29">http://www.kitploit.com/2017/07/wssat-web-service-security-assessment.html?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>隐形的监控——无线键盘侦听<br><a target="_blank" href="http://www.toutiao.com/i6444684546402157070/">http://www.toutiao.com/i6444684546402157070/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>从无到有通过ISO27001认证-审核篇<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1939.html">https://xianzhi.aliyun.com/forum/read/1939.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>绕过AppLocker系列之CreateRestrictedToken的利用<br><a target="_blank" href="http://www.4hou.com/technology/6810.html">http://www.4hou.com/technology/6810.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Command and Control  via Gmail<br><a target="_blank" href="https://pentestlab.blog/2017/08/03/command-and-control-gmail/">https://pentestlab.blog/2017/08/03/command-and-control-gmail/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>how-do-i-get-started-with-v8-development-17e976ebe4a<br><a target="_blank" href="https://medium.com/@fhinkel/how-do-i-get-started-with-v8-development-17e976ebe4af">https://medium.com/@fhinkel/how-do-i-get-started-with-v8-development-17e976ebe4af</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>HID攻击进阶——WHID injector<br><a target="_blank" href="http://www.toutiao.com/i6447694012714320397/">http://www.toutiao.com/i6447694012714320397/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Exploiting Second Order SQLi Flaws by using Burp &amp; Custom Sqlmap Tamper<br><a target="_blank" href="https://pentest.blog/exploiting-second-order-sqli-flaws-by-using-burp-custom-sqlmap-tamper/">https://pentest.blog/exploiting-second-order-sqli-flaws-by-using-burp-custom-sqlmap-tamper/</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>狗汪汪玩转嵌入式——I2C 协议分析<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1910.html">https://xianzhi.aliyun.com/forum/read/1910.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>2017 SANS内部威胁调研<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247485227&amp;idx=1&amp;sn=35fc4e8fbabdb1bd95d4cc3b813a1ca5&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&amp;mid=2247485227&amp;idx=1&amp;sn=35fc4e8fbabdb1bd95d4cc3b813a1ca5&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>文件寄生——寻找宿主的不归路(NTFS文件流实际应用)<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-21137-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-21137-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>IOS渗透测试第一步-基础知识统一放送<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25281-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25281-1-1.html?from=sec</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>云基础架构之CHIPSEC固件安全基线<br><a target="_blank" href="https://hardenedlinux.github.io/system-security/2017/07/31/firmware_chipsec.html">https://hardenedlinux.github.io/system-security/2017/07/31/firmware_chipsec.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>逆向脱壳附加数据处理<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-22711-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-22711-1-1.html?from=sec</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>手把手教你编写一个简单的PHP模块形态的后门<br><a target="_blank" href="http://www.freebuf.com/articles/web/141911.html">http://www.freebuf.com/articles/web/141911.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>一次对路边饮用水RFID供应机的跑路玩法<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-24889-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-24889-1-1.html?from=sec</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/179">SecWiki周刊(第179期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
